117 lines
2.7 KiB
JavaScript
117 lines
2.7 KiB
JavaScript
// Main App
|
|
const express = require('express');
|
|
const app = express();
|
|
const exphbs = require ('express-handlebars');
|
|
const { SetupEnvironment } = require('./environ');
|
|
const SetupRouter = require('./router');
|
|
const bodyParser = require("body-parser");
|
|
const sessionMw = require('./session');
|
|
const csrf = require("./csrf");
|
|
|
|
// Setup the environment
|
|
SetupEnvironment();
|
|
|
|
// Database
|
|
const database = require('./database');
|
|
|
|
// Session
|
|
const session = require('express-session');
|
|
const SequelizeStore = require('connect-session-sequelize')(session.Store);
|
|
const cookieParser = require('cookie-parser');
|
|
|
|
// Error Handling
|
|
const { GenericErrorByCode, FormatForAPI } = require('./errors');
|
|
|
|
// Helpers
|
|
const { HBSHelpers } = require('./helpers');
|
|
|
|
// Security
|
|
const helmet = require('helmet');
|
|
|
|
// Get what we need for starting the server
|
|
const serverPort = process.env.SRV_PORT;
|
|
|
|
// Database Setup
|
|
const db = database.db;
|
|
const sessionStore = new SequelizeStore({
|
|
db: db,
|
|
tableName: 'Session'
|
|
})
|
|
|
|
// Body parsing
|
|
app.use(bodyParser.urlencoded({ extended: true }));
|
|
app.use(bodyParser.json());
|
|
|
|
// Helmet setup
|
|
app.use(
|
|
helmet.contentSecurityPolicy({
|
|
directives: (req, res) => ({
|
|
defaultSrc: ["'self'"],
|
|
scriptSrc: ["'strict-dynamic'", `'nonce-${res.locals.nonce}'`],
|
|
objectSrc: ["'none'"],
|
|
styleSrc: ["'self'", "'unsafe-inline'"],
|
|
imgSrc: ["'self'", 'data:', '*'],
|
|
mediaSrc: ["'self'", 'data:', '*'],
|
|
connectSrc: ["'self'", 'data:', '*']
|
|
}),
|
|
})
|
|
);
|
|
|
|
// Handlebars Setup
|
|
const hbs = exphbs.create({
|
|
helpers: HBSHelpers,
|
|
defaultLayout: 'main',
|
|
extname: '.handlebars',
|
|
|
|
runtimeOptions: {
|
|
allowProtoPropertiesByDefault: true,
|
|
allowProtoMethodsByDefault: true,
|
|
},
|
|
});
|
|
app.engine('handlebars', hbs.engine);
|
|
app.set('view engine', 'handlebars');
|
|
|
|
// Cookie parsing
|
|
app.use(cookieParser(process.env.CKYKEY));
|
|
|
|
// Session
|
|
app.use(session({
|
|
name: 'session',
|
|
secret: process.env.SESSKEY,
|
|
resave: false,
|
|
saveUninitialized: false,
|
|
store: sessionStore,
|
|
cookie: {
|
|
httpOnly: true,
|
|
secure: false,
|
|
sameSite: 'lax',
|
|
path: '/'
|
|
},
|
|
}));
|
|
|
|
// Setup Assets
|
|
app.use(express.static('assets'));
|
|
|
|
// Session middlware
|
|
app.use(sessionMw.PersistSession);
|
|
|
|
// CSRF protection
|
|
app.use(csrf.csrfSynchronisedProtection);
|
|
|
|
// Setup Router
|
|
SetupRouter(app);
|
|
|
|
db.sync().then(() => {
|
|
app.use((req, res, next) => {
|
|
next(GenericErrorByCode(404));
|
|
});
|
|
|
|
app.use((err, req, res, next) => {
|
|
res.status(err.status || 500);
|
|
res.json(FormatForAPI(err.message || 'Internal Server Error'));
|
|
});
|
|
|
|
app.listen(serverPort, () => {
|
|
console.log(`NDM running @ localhost:${serverPort}`);
|
|
});
|
|
}); |